what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2006-0009

VMware Security Advisory 2006-0009
Posted Nov 14, 2006
Authored by VMware | Site vmware.com

VMware Security Advisory - A new update has been released for VMware ESX Server version 3.0.0. This patch addresses the AMD fxsave/restore security vulnerability.

tags | advisory
advisories | CVE-2006-1056
SHA-256 | 78846882184d41c6d2c5180d83b747c2b360fed571e938081cf437e66aec9aae

VMware Security Advisory 2006-0009

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2006-0009
Synopsis: VMware ESX Server 3.0.0 AMD fxsave/restore issue
Knowledge base URL:http://kb.vmware.com/kb/2533126
Issue date: 2006-10-31
Updated on: 2006-11-13
CVE-2006-1056
- - -------------------------------------------------------------------

1. Summary:

Updated package addresses an AMD fxsave/restore security vulnerability.

2. Relevant releases:

This patch is for ESX Server 3.0.0 only (with or without other patches
for ESX 3.0.0)

3. Problem description:

An AMD fxsave/restore security vulnerability. The instructions fxsave
and fxrstor on AMD CPUs are used to save or restore the FPU registers
(FOP, FIP and FDP). On AMD Opteron processors, these instructions do not
save/restore some exception related registers unless an exception is
currently being serviced. This could allow a local attacker to partially
monitor the execution path of FPU processes, possibly allowing them to
obtain sensitive information being passed through those processes.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-1056 to this issue.

4. Solution:

1. Log into the ESX Server service console as root.
2. Create a local depot directory.

# mkdir /var/updates
Note: VMware recommends that you use the updates directory.

3. Change your working directory to /var/updates.

# cd /var/updates

4. Download patch ESX-2533126 from http://www.vmware.com/download/vi/
into the /var/updates directory.

5. Verify the integrity of the downloaded tar file:

# md5sum ESX-2533126.tgz

6. The md5 checksum output should match the following:

f34bd684a50a29d667bd0ea5c8c8ef63 ESX-2533126.tgz

7. Extract the compressed tar archive:

# tar -xvzf ESX-2533126.tgz

8. Change to the newly created directory, /var/updates/ESX-2533126:

# cd ESX-2533126

Installation Instructions

Once you have downloaded and extracted the archive, and if you are in
the directory you created above, install the update using the following
command:

# esxupdate update

For more information on using esxupdate, please refer to the Patch
Management for ESX Server 3 tech note at
http://www.vmware.com/pdf/esx3_esxupdate.pdf.

Note: This security patch is part of the October 2006 patch release
for VI3. A second (non-security) patch is also available. Installation
of these two patches is independent and you do not need to install both
to be in a supported state. The other patch is available at
http://kb.vmware.com/kb/2666943

5. References:

http://kb.vmware.com/kb/2533126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
http://www.vmware.com/products/esx/
http://www.vmware.com/download/esx/

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail: security@vmware.com

Copyright 2006 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFWP5d6KjQhy2pPmkRCAqgAKClk2Xhfxkv+HqPQ/e3fRSWuHiREQCfaedN
xh2SUOf0NcmTSAofrCdFINI=
=gaBi
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close